HSPD-12 opens door for widespread PKI use

By Jason Miller

Oct 27, 2006

The promise of using digital certificates, digitally signing e-mails and having single-sign-on capability across the government is closer than ever before. While agencies, in some way, have been developing public-key infrastructures since the 1990s, Homeland Security Presidential Directive-12 is the shot in the arm this technology has needed for a long time, said Tim Polk, PKI program manager at the National Institute of Standards and Technology.

'This is the chance for us to get some things right that we haven't for the past 10 years,' Polk said yesterday at an HSPD-12 conference in Arlington, Va., sponsored by market research firm Input Inc. of Reston, Va. 'HSPD-12 and [Federal Information Processing Standard] 201 changes everything. It is not the killer app we have been looking for, [but] a lot of pieces of the interoperability puzzle have been solved.'

Polk, who has been working on PKI since 1991, said many agencies faced the chicken-or-the-egg scenario when it came to implementing the infrastructure.

For years, agency managers asked 'Why should we build or buy applications when there is no infrastructure to support them? And why should we build an infrastructure when there are no apps to run on them?' he said.

But with HSPD-12 becoming a reality (the deadline for agencies to have the capability to issue one card is tomorrow), agencies were forced to set up the infrastructure and now it is up to vendors to bring the software to their attention, Polk said.

Some agencies are using PKI already, including the Defense Department, which mandated that all services and agencies had to implement the technology by July 31. About 80 percent of the offices met the edict by the deadline, Defense officials have said.

One agency, the Treasury Department, and private firms also provide PKI certificates for agencies to purchase and implement.

But thanks to FIPS-201, PKI is a lot simpler to implement and use than it was two years ago, he said.

'You know what the PKI will look like, you know the key size, you know the algorithm it will support, there are so many questions that have been answered,' he said. 'The previous way was to let 11,000 flowers bloom where all agencies did PKI differently.'

Polk realizes that agencies are focused on issuing FIPS-201-compliant cards for the immediate future, but he said agencies will begin to see the additional benefits over the next few years.

He pointed to PKI replacing the need for multiple passwords and the databases that hold them. He said telecommuting will get easier by using PKI-enabled virtual private networks, and implementing digital signatures to make e-mail more secure or signing electronic documents is not far off.

'This is an opportunity for agencies to do things they often wanted to do,' Polk said. 'HSPD-12 took the complexity out of an awful lot of pieces of PKI.'